Headline
Zoom Patches ‘Zero-Click’ RCE Bug
The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.
The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.
Zoom patched a medium-severity flaw, advising Windows, macOS, iOS and Android users to update their client software to version 5.10.0.
The Google Project Zero security researcher Ivan Fratric noted in a report that an attacker can exploit a victim’s machine over a zoom chat. The bug, tracked as CVE-2022-22787, has a CVSS severity rating of 5.9.
“User interaction is not required for a successful attack. The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over XMPP protocol,” Ivan explained.
So called zero-click attacks do not require users take any action and are especially potent given even the most tech-savvy of users can fall prey to them.
XMPP stands for Extensible Messaging Presence Protocol and is used to send XML elements called stanzas over a stream connection to exchange messages and presence information in real-time. This messaging protocol is used by Zoom for its chat functionality.
In a security bulletin published by Zoom, the CVE-2022-22786 (CVSS score 7.5) affects the Windows users, while the other CVE-2022-22784, CVE-2022-22785, and CVE-2022-22787 impacted Zoom client versions before 5.10.0 running on Android, iOS, Linux, macOS, and Windows systems.
****Working of Bug** **
The initial vulnerability described by Ivan as “XMPP stanza smuggling” abuses the parsing inconsistencies between XML parser in Zoom client and server software to “smuggle” arbitrary XMPP stanzas to the victim machine.
An attacker sending a specially crafted control stanza can force the victim client to connect with a malicious server thus leading to a variety of attacks from spoofing messages to sending control messages.
Ivan noted that “the most impactful vector” in XMPP stanza smuggling vulnerability is an exploit of “ClusterSwitch task in the Zoom client, with an attacker-controlled “web domain” as a parameter”.
Related news
Malwarebytes is offering customers its ThreatDown Vulnerability Assessment solution without extra costs to help reduce attack surfaces and improve their security posture
Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. As a result, a threat actor in the Zooms waiting room can join the meeting without the consent of the host.
Google has disclosed a nasty set of six bugs affecting Zoom chat that can be chained together for MitM and RCE attacks, no user interaction required.
Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code. Tracked from CVE-2022-22784 through CVE-2022-22787, the issues range between 5.9 and 8.1 in severity. Ivan Fratric of Google
Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code. Tracked from CVE-2022-22784 through CVE-2022-22787, the issues range between 5.9 and 8.1 in severity. Ivan Fratric of Google
Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code. Tracked from CVE-2022-22784 through CVE-2022-22787, the issues range between 5.9 and 8.1 in severity. Ivan Fratric of Google
Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code. Tracked from CVE-2022-22784 through CVE-2022-22787, the issues range between 5.9 and 8.1 in severity. Ivan Fratric of Google
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving users client perform a variety of actions.This issue could be used in a more sophisticated attack to forge XMPP messages from the server.
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving users client perform a variety of actions.This issue could be used in a more sophisticated attack to forge XMPP messages from the server.
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving users client perform a variety of actions.This issue could be used in a more sophisticated attack to forge XMPP messages from the server.
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving users client perform a variety of actions.This issue could be used in a more sophisticated attack to forge XMPP messages from the server.